Software cracking


Software cracking (known as "breaking" mostly in the 1980s[1]) is the act of removing copy protection from software.[2] Copy protection can be removed by applying a specific crack. A crack can mean any tool that enables breaking software protection, a stolen product key, or a guessed password. Cracking software generally involves circumventing licensing and usage restrictions on commercial software by illegal methods. These methods can include modifying code directly through disassembling and bit editing, sharing stolen product keys, or developing software to generate activation keys.[3] Examples of cracks are: applying a patch or creating reverse-engineered serial number generators known as keygens, thus bypassing software registration and payment, or converting a trial/demo version of the software into fully functioning software without paying for it.[4] Software cracking contributes to the rise of online piracy, where pirated software is distributed to end users through file-sharing sites like BitTorrent, one-click hosting (OCH) or Usenet downloads, or by downloading bundles of the original software with cracks or keygens.[4]


Some of these tools are called keygen, patch, loader, or no-disc crack. A keygen is a handmade product serial number generator that often offers the ability to generate working serial numbers in your own name. A patch is a small computer program that modifies the machine code of another program. This has the advantage for a cracker of not having to include a large executable in a release when only a few bytes are changed. A loader modifies the startup flow of a program and does not remove the protection but circumvents it.[5][7] A well-known example of a loader is a trainer used to cheat in games.[8] Fairlight pointed out in one of their .nfo files that these types of cracks are not allowed for warez scene game releases.[6][10] A nukewar has shown that the protection must not kick in at any point for it to be a valid crack.
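The relationship between a registration check and a keygen, as an added example that is not part of the original article: the hypothetical program below computes a hash of the user's name and compares it with a transformed form of the typed serial. Everything here is assumed for illustration (the djb2-style name hash, the XOR constant, the 13-bit rotation and the XXXX-XXXX format); in practice a cracker recovers this routine from a disassembly. Once the check is understood, the keygen is simply the check run backwards: start from the value the program expects and undo each step in reverse order.

```python
"""Keygen for a hypothetical registration check (added example, not from the article)."""

MASK32 = 0xFFFFFFFF
SERIAL_XOR_KEY = 0xDEADBEEF  # assumed constant, as if recovered from the check routine


def _name_hash(name: str) -> int:
    """The hypothetical program's name hash: an assumed djb2-like loop over the
    upper-cased name, kept to 32 bits like the register it would live in."""
    h = 0x1505
    for b in name.upper().encode():
        h = ((h * 33) ^ b) & MASK32
    return h


def _decode_serial(serial: str):
    """What the hypothetical program does to the typed serial before comparing:
    strip dashes, parse 8 hex digits, XOR with a constant, rotate right by 13.
    Returns None for a malformed serial (the program's 'bad boy' path)."""
    digits = serial.replace("-", "").upper()
    if len(digits) != 8 or any(c not in "0123456789ABCDEF" for c in digits):
        return None
    v = int(digits, 16) ^ SERIAL_XOR_KEY
    return ((v >> 13) | (v << 19)) & MASK32


def check_serial(name: str, serial: str) -> bool:
    """The protected program's check: the decoded serial must equal the name hash."""
    decoded = _decode_serial(serial)
    return decoded is not None and decoded == _name_hash(name)


def keygen(name: str) -> str:
    """Run the check backwards: take the value the program expects for this name,
    undo the rotate-right (rotate left by 13), undo the XOR, and format as XXXX-XXXX."""
    expected = _name_hash(name)
    v = ((expected << 13) | (expected >> 19)) & MASK32
    v ^= SERIAL_XOR_KEY
    s = f"{v:08X}"
    return f"{s[:4]}-{s[4:]}"


if __name__ == "__main__":
    for who in ("Alice", "Bob"):
        key = keygen(who)
        print(who, key, check_serial(who, key))
```

The only non-trivial part of the keygen is inverting the transformation: XOR is its own inverse, and a rotate right is undone by a rotate left of the same width and amount. A check that instead compared a one-way hash of the serial with a stored value could not be inverted this way, which is why such checks are usually defeated by patching the comparison rather than by a keygen.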


Software cracking is closely related to reverse engineering because the process of attacking a copy protection technology is similar to the process of reverse engineering.[12] The distribution of cracked copies is illegal in most countries. There have been lawsuits over cracking software.[13] It might be legal to use cracked software in certain circumstances.[14] Educational resources for reverse engineering and software cracking are, however, legal and available in the form of crackme programs.


History 


Software is inherently expensive to produce but cheap to duplicate and distribute. Therefore, software producers have generally tried to implement some form of copy protection before releasing it to the market. In 1984, Laind Huntsman, the head of software development for Formaster, a software protection company, commented that "no protection system has remained uncracked by enterprising programmers for more than a few months".[2] In 2001, Dan S. Wallach, a professor from Rice University, argued that "those determined to bypass copy-protection have always found ways to do so — and always will".[15]


Most of the early software crackers were computer hobbyists who often formed groups that competed against each other in the cracking and spreading of software. Breaking a new copy protection scheme as quickly as possible was often regarded as an opportunity to demonstrate one's technical superiority rather than a possibility of money-making. Software crackers usually did not benefit materially from their actions, and their motivation was the challenge itself of removing the protection.[2] Some low-skilled hobbyists would take already cracked software and edit various unencrypted strings of text in it to change the messages a game would tell a player, often to something considered vulgar. Uploading the altered copies on file-sharing networks provided a source of laughs for adult users. The cracker groups of the 1980s started to advertise themselves and their skills by attaching animated screens known as crack intros to the software programs they cracked and released.[16] Once the technical competition had expanded from the challenges of cracking to the challenges of creating visually stunning intros, the foundations for a new subculture known as the demoscene were established. The demoscene started to separate itself from the illegal "warez scene" during the 1990s and is now regarded as a completely different subculture. Many software crackers have later grown into extremely capable software reverse engineers; the deep knowledge of assembly required in order to crack protections enables them to reverse engineer drivers in order to port them from binary-only drivers for Windows to drivers with source code for Linux and other free operating systems. Also, because music and intros were such an integral part of gaming, the associated music formats and graphics became very popular once hardware became affordable for the home user.


With the rise of the Internet, software crackers developed secretive online organizations. In the latter half of the nineties, one of the most respected sources of information about "software protection reversing" was Fravia's website.


In 2017, a group of software crackers started a project to preserve Apple II software by removing the inherent Apple II copy protection.[14]


+HCU 


The High Cracking University (+HCU) was founded by Old Red Cracker (+ORC), considered a genius of reverse engineering and a legendary figure in Reverse Code Engineering (RCE), to advance research into RCE. He had also taught and authored many papers on the subject, and his texts are considered classics in the field and are mandatory reading for students of RCE.[18]


The addition of the "+" sign in front of the nickname of a reverser signified membership in the +HCU. Amongst the students of +HCU were the top of the elite Windows reversers worldwide.[18] +HCU published a new reverse engineering problem annually, and a small number of respondents with the best replies qualified for an undergraduate position at the university.[18]


+Fravia was a professor at +HCU. Fravia's website was known as "+Fravia's Pages of Reverse Engineering", and he used it to challenge programmers as well as the wider society to "reverse engineer" the "brainwashing of a corrupt and rampant materialism". In its heyday, his website received millions of visitors per year and its influence was "widespread".[18] On his site, +Fravia also maintained a database of the tutorials generated by +HCU students for posterity.


Nowadays most of the graduates of +HCU have migrated to Linux and few have remained as Windows reversers. The information at the university has been rediscovered by a new generation of researchers and practitioners of RCE who have started new research projects in the field.[18]


Methods 


The most common software crack is the modification of an application's binary to cause or prevent a specific key branch in the program's execution. This is accomplished by reverse engineering the compiled program code using a debugger such as SoftICE,[20] OllyDbg, GDB, or MacsBug until the software cracker reaches the subroutine that contains the primary method of protecting the software (or by disassembling an executable file with a program such as IDA).[21] The binary is then modified using the debugger or a hex editor such as HIEW[22] or a monitor, in a manner that replaces a prior branching opcode with its complement or a NOP opcode so the key branch will either always execute a specific subroutine or skip over it. Almost all common software cracks are a variation of this type. A region of code that must not be entered is often called a "bad boy", while one that should be followed is a "good boy".[23]


Proprietary software developers are constantly developing techniques such as code obfuscation, encryption, and self-modifying code to make binary modification increasingly difficult.[24] Even with these measures being taken, developers struggle to combat software cracking. This is because it is very common for a professional to publicly release a simple cracked EXE or Retrium Installer for public download, eliminating the need for inexperienced users to crack the software themselves.


A specific example of this technique is a crack that removes the expiration period from a time-limited trial of an application. These cracks are usually programs that alter the program executable and sometimes the .dll or .so linked to the application; the process of altering the original binary files is called patching.[12] Similar cracks are available for software that requires a hardware dongle. A company can also break the copy protection of programs that it has legally purchased but that are licensed to particular hardware, so that there is no risk of downtime due to hardware failure (and, of course, no need to restrict oneself to running the software on the purchased hardware only).
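The key-branch patch described in the two passages above (replacing a conditional jump with its complement or with NOPs, and distributing only the changed bytes as a "patch"), as an added example that is not part of the original article. The x86 fragment is constructed for this example: it assumes a serial check has already left its result in EAX (0 = accepted), then branches to a "bad boy" or "good boy" path. The small interpreter handles only the opcodes in that fragment, so the before/after behaviour can be observed without a debugger.

```python
"""Patching a key branch in a constructed x86 fragment (added example, not from the article)."""

# Constructed 32-bit x86 fragment, not taken from any real program. On entry
# EAX holds the result of an assumed serial check: 0 = accepted, nonzero = rejected.
#   00: 83 F8 00          cmp  eax, 0
#   03: 75 06             jne  bad_boy        ; the key branch
#   05: B8 01 00 00 00    mov  eax, 1         ; "good boy": registered
#   0A: C3                ret
#   0B: 31 C0             xor  eax, eax       ; "bad boy": unregistered
#   0D: C3                ret
STUB = bytes.fromhex("83F800" "7506" "B801000000" "C3" "31C0" "C3")
KEY_BRANCH = 0x03  # offset of the jne, as a cracker would locate it in a debugger

# Short conditional jumps and their complements (same flags, inverted condition).
JCC_COMPLEMENT = {0x74: 0x75, 0x75: 0x74, 0x72: 0x73, 0x73: 0x72,
                  0x7C: 0x7D, 0x7D: 0x7C, 0x7E: 0x7F, 0x7F: 0x7E}


def patch_branch(image: bytes, offset: int, mode: str) -> bytes:
    """Return a patched copy of image. 'invert' swaps the Jcc for its complement;
    'nop' overwrites the two-byte short jump with 90 90 so it never branches.
    The opcode is verified first: patching the wrong offset corrupts the program."""
    opcode = image[offset]
    if opcode not in JCC_COMPLEMENT:
        raise ValueError(f"byte {opcode:#04x} at offset {offset:#x} is not a short Jcc")
    out = bytearray(image)
    if mode == "invert":
        out[offset] = JCC_COMPLEMENT[opcode]
    elif mode == "nop":
        out[offset:offset + 2] = b"\x90\x90"
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return bytes(out)


def make_patch(original: bytes, patched: bytes) -> list:
    """List of (offset, old, new) byte differences: all a 'patch' style release
    needs to carry, which is why it can be a few bytes instead of a whole EXE."""
    return [(i, a, b) for i, (a, b) in enumerate(zip(original, patched)) if a != b]


def run(image: bytes, eax: int) -> int:
    """Minimal interpreter for exactly the opcodes used in STUB (plus NOP).
    Returns EAX at the first RET: 1 for the good boy path, 0 for the bad boy."""
    ip, zf = 0, False
    while ip < len(image):
        op = image[ip]
        if op == 0x83 and image[ip + 1] == 0xF8:            # cmp eax, imm8
            zf = eax == int.from_bytes(image[ip + 2:ip + 3], "little", signed=True)
            ip += 3
        elif op in (0x74, 0x75):                            # je / jne rel8
            rel = int.from_bytes(image[ip + 1:ip + 2], "little", signed=True)
            ip += 2
            if (op == 0x74) == zf:                          # je taken on ZF=1, jne on ZF=0
                ip += rel
        elif op == 0xB8:                                    # mov eax, imm32
            eax = int.from_bytes(image[ip + 1:ip + 5], "little")
            ip += 5
        elif op == 0x31 and image[ip + 1] == 0xC0:          # xor eax, eax
            eax, ip = 0, ip + 2
        elif op == 0x90:                                    # nop
            ip += 1
        elif op == 0xC3:                                    # ret
            return eax
        else:
            raise ValueError(f"unsupported opcode {op:#04x} at {ip:#x}")
    raise ValueError("fell off the end of the fragment")


if __name__ == "__main__":
    for label, image in (("original", STUB),
                         ("inverted", patch_branch(STUB, KEY_BRANCH, "invert")),
                         ("nopped", patch_branch(STUB, KEY_BRANCH, "nop"))):
        print(f"{label:9} valid serial -> {run(image, 0)}, bogus serial -> {run(image, 7)}",
              make_patch(STUB, image))
```

Running the three variants shows the practical difference between the two opcode substitutions: inverting the jump makes a rejected serial pass but also makes a valid one fail, while NOPping it makes the good boy path unconditional. Near conditional jumps (the two-byte 0F 8x forms with a 32-bit displacement) are patched the same way but have a different complement table and a six-byte NOP footprint, which this example does not cover.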


Another method is the use of special software such as CloneCD to scan for the use of a commercial copy protection application. After discovering the software used to protect the application, another tool may be used to remove the copy protection from the software on the CD or DVD. This may enable another program such as Alcohol 120%, CloneDVD, Game Jackal, or Daemon Tools to copy the protected software to a user's hard disk. Popular commercial copy protection applications which may be scanned for include SafeDisc and StarForce.[25]


In other cases, it might be possible to decompile a program in order to get access to the original source code or code on a level higher than machine code. This is often possible with scripting languages and languages utilizing JIT compilation. An example is cracking (or debugging) on the .NET platform, where one might consider manipulating CIL to achieve one's needs. Java's bytecode also works in a similar fashion, in which there is an intermediate language before the program is compiled to run on the platform-dependent machine code.[26]


Advanced reverse engineering for protections such as SecuROM, SafeDisc, StarForce, or Denuvo requires a cracker, or many crackers, to spend much more time studying the protection, eventually finding every flaw within the protection code, and then coding their own tools to "unwrap" the protection automatically from executable (.EXE) and library (.DLL) files.


There are a number of sites on the Internet that let users download cracks produced by warez groups for popular games and applications (although at the danger of acquiring malicious software that is sometimes distributed via such sites).[22]


Although these cracks are used by legal 
buyers of software, they can also be used 
by people who have downloaded or 
otherwise obtained unauthorized copies 
(often through P2P networks). 


Software piracy 


Software cracking led to the distribution of pirated software around the world (software piracy). It was estimated that the United States lost US$2.3 billion in business application software in 1996. Software piracy rates were especially prevalent in African, Asian, East European, and Latin American countries. In certain countries such as Indonesia, Pakistan, Kuwait, China, and El Salvador,[28] 90% of the software used was pirated.[29]


See also 


e Reverse engineering 